Lucene search
K

5 matches found

OSV
OSV
added 2023/08/20 8:15 a.m.7 views

CVE-2023-37250

Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This...

7CVSS5.8AI score0.00298EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/08/20 12:0 a.m.17 views

CVE-2023-37250

Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This...

7AI score0.00298EPSS
Exploits0References3
CVE
CVE
added 2023/08/20 12:0 a.m.78 views

CVE-2023-37250

Unity Parsec includes a TOCTOU race condition that allows a local attacker to escalate to SYSTEM when installed in per-user mode. The issue arises from loading DLLs from a user-owned directory without guaranteed integrity verification. Affected: Parsec Loader up to version 8; Parsec Loader 9 fixe...

7CVSS6.8AI score0.00298EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/20 12:0 a.m.17 views

CVE-2023-37250

Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This...

7.1AI score0.00298EPSS
Exploits0References3
CERT
CERT
added 2023/08/16 12:0 a.m.27 views

Parsec Remote Desktop App is prone to a local elevation of privilege due to a logical flaw in its code integrity verification process

Overview Parsec updater for Windows was prone to a local privilege escalation vulnerability, this vulnerability allowed a local user with Parsec access to gain NTAUTHORITY/SYSTEM privileges. Description The vulnerability is a time-of-check time–of-use TOCTOU vulnerability. There existed a small...

7CVSS7.1AI score0.00298EPSS
Exploits0References2
Rows per page
Query Builder